Vulnerability Scanning Policy

Purpose

This policy establishes the minimum requirements and responsibilities for scanning software and hardware tools for vulnerabilities and malware prior to implementation in the Uncanny Software environment.

Scope

This policy applies to all individuals with access to Uncanny Software information.

Policy

Program

Internal Scanning - All Uncanny Software hardware development systems are to be scanned via our endpoint security software administered by our IT department.

External Scanning - Uncanny Software will remain subscribed to Security Scorecard for monthly scanning of potential vulnerabilities across, Network, DNS, Application Security, IP reputation, Endpoint Security, Cubit Score, Hacker Chatter, Information leak and Social Engineering. In addition, we will conduct an annual 3rd party penetration test.

Enforcement

Policy Sanctions – Uncanny Software must implement sanctions against employees and third parties who violate the policies.

Exceptions

Exceptions to Policies — Exceptions to information security policies are permissible only in those instances where the request has been approved by the Head of Information Security.

Responsibility Assignment

Information Security Team Responsibilities - The Information Security team is responsible for establishing and maintaining company-wide information security policies, standards and procedures.

Policy Review

Review of Information Security Policy Documents - Information security policy documents should be reviewed if necessary on an annual basis by the Information Security team, or when a significant change occurs.

Other Requirements

Laws, Regulations and Contractual Requirements - The Information Security team must collaborate with the Legal team as needed to ensure that information security program components are continuously in compliance with applicable laws and regulations, and contractual obligations with Uncanny Software customers.

Violations

Any violation of this policy may result in disciplinary action, up to and including termination of employment. Uncanny Software reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity. Uncanny Software does not consider conduct in violation of this policy to be within an employee’s or partner’s course and scope of employment, or the direct consequence of the discharge of the employee’s or partner’s duties. Accordingly, to the extent permitted by law, Uncanny Software reserves the right not to defend or pay any damages awarded against employees or partners that result from violation of this policy.

Any employee or partner who is requested to undertake an activity which he or she believes is in violation of this policy, must provide a written or verbal complaint to his or her manager, any other manager or the Human Resources Department as soon as possible.

References

ISO/IEC 27001:2013 – A.6. Organization of information security

Related Documents

No documents listed

Revision History

• Document history via Github